Skip to content

Commit

Permalink
improve: apply tachyon optimizations(2 & 5) (privacy-scaling-explor…
Browse files Browse the repository at this point in the history 
…ations#329)

* fix: replace "fold" with "for" loop in "lookup_commit_permuted"

* fix: remove "z.clone()" in "permutation_commit"

* fix: roll back "fold" op in "lookup_commit_permuted"

* improve: apply "batch_normalize" in "lookup_commit_permuted"

* fix: use the "batch_normalize" everywhere possible

* chore: fmt + clippy
  • Loading branch information
@guorong009
guorong009 authored May 22, 2024
1 parent c57b007 commit 0513fb4
Show file tree
Hide file tree
Showing 7 changed files with 76 additions and 38 deletions.
23 changes: 13 additions & 10 deletions halo2_backend/src/plonk/keygen.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,20 +64,23 @@ where
)?
.build_vk(params, &domain, &cs.permutation);

let fixed_commitments = circuit
.preprocessing
.fixed
.iter()
.map(|poly| {
params
.commit_lagrange(
let fixed_commitments = {
let fixed_commitments_projective: Vec<C::CurveExt> = circuit
.preprocessing
.fixed
.iter()
.map(|poly| {
params.commit_lagrange(
&H2cEngine::new(),
&Polynomial::new_lagrange_from_vec(poly.clone()),
Blind::default(),
)
.to_affine()
})
.collect();
})
.collect();
let mut fixed_commitments = vec![C::identity(); fixed_commitments_projective.len()];
C::CurveExt::batch_normalize(&fixed_commitments_projective, &mut fixed_commitments);
fixed_commitments
};

Ok(VerifyingKey::from_parts(
domain,
Expand Down
20 changes: 15 additions & 5 deletions halo2_backend/src/plonk/lookup/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,20 +130,30 @@ where
let mut commit_values = |values: &Polynomial<C::Scalar, LagrangeCoeff>| {
let poly = pk.vk.domain.lagrange_to_coeff(values.clone());
let blind = Blind(C::Scalar::random(&mut rng));
let commitment = params
.commit_lagrange(&engine.msm_backend, values, blind)
.to_affine();
let commitment = params.commit_lagrange(&engine.msm_backend, values, blind);
(poly, blind, commitment)
};

// Commit to permuted input expression
let (permuted_input_poly, permuted_input_blind, permuted_input_commitment) =
let (permuted_input_poly, permuted_input_blind, permuted_input_commitment_projective) =
commit_values(&permuted_input_expression);

// Commit to permuted table expression
let (permuted_table_poly, permuted_table_blind, permuted_table_commitment) =
let (permuted_table_poly, permuted_table_blind, permuted_table_commitment_projective) =
commit_values(&permuted_table_expression);

let [permuted_input_commitment, permuted_table_commitment] = {
let mut affines = [C::identity(); 2];
C::CurveExt::batch_normalize(
&[
permuted_input_commitment_projective,
permuted_table_commitment_projective,
],
&mut affines,
);
affines
};

// Hash permuted input commitment
transcript.write_point(permuted_input_commitment)?;

Expand Down
23 changes: 14 additions & 9 deletions halo2_backend/src/plonk/permutation/keygen.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,15 +261,20 @@ pub(crate) fn build_vk<'params, C: CurveAffine, P: Params<'params, C>>(
}

// Pre-compute commitments for the URS.
let mut commitments = Vec::with_capacity(p.columns.len());
for permutation in &permutations {
// Compute commitment to permutation polynomial
commitments.push(
params
.commit_lagrange(&H2cEngine::new(), permutation, Blind::default())
.to_affine(),
);
}
let commitments = {
let mut commitments_projective = Vec::with_capacity(p.columns.len());
for permutation in &permutations {
// Compute commitment to permutation polynomial
commitments_projective.push(params.commit_lagrange(
&H2cEngine::new(),
permutation,
Blind::default(),
));
}
let mut commitments = vec![C::identity(); p.columns.len()];
C::CurveExt::batch_normalize(&commitments_projective, &mut commitments);
commitments
};

VerifyingKey { commitments }
}
9 changes: 4 additions & 5 deletions halo2_backend/src/plonk/permutation/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,15 +174,14 @@ pub(in crate::plonk) fn permutation_commit<

let blind = Blind(C::Scalar::random(&mut rng));

let permutation_product_commitment_projective =
params.commit_lagrange(&engine.msm_backend, &z, blind);
let permutation_product_commitment = params
.commit_lagrange(&engine.msm_backend, &z, blind)
.to_affine();
let permutation_product_blind = blind;
let z = domain.lagrange_to_coeff(z);
let permutation_product_poly = z.clone();

let permutation_product_coset = domain.coeff_to_extended(z.clone());

let permutation_product_commitment = permutation_product_commitment_projective.to_affine();
let permutation_product_coset = domain.coeff_to_extended(z);

// Hash the permutation product commitment
transcript.write_point(permutation_product_commitment)?;
Expand Down
23 changes: 18 additions & 5 deletions halo2_backend/src/plonk/verifier.rs
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
//! Verify a plonk proof
use group::prime::PrimeCurveAffine;
use group::Curve;
use halo2_middleware::circuit::Any;
use halo2_middleware::ff::{Field, FromUniformBytes, WithSmallOrderMulGroup};
use halo2_middleware::zal::impls::H2cEngine;
use halo2curves::CurveAffine;
use std::iter;

use super::{vanishing, VerifyingKey};
Expand Down Expand Up @@ -78,7 +80,9 @@ where
// 1. Get the commitments of the instance polynomials. ----------------------------------------

let instance_commitments = if V::QUERY_INSTANCE {
instances
let mut instance_commitments = Vec::with_capacity(instances.len());

let instances_projective = instances
.iter()
.map(|instance| {
instance
Expand All @@ -91,13 +95,22 @@ where
poly.resize(params.n() as usize, Scheme::Scalar::ZERO);
let poly = vk.domain.lagrange_from_vec(poly);

Ok(params
.commit_lagrange(&default_engine, &poly, Blind::default())
.to_affine())
Ok(params.commit_lagrange(&default_engine, &poly, Blind::default()))
})
.collect::<Result<Vec<_>, _>>()
})
.collect::<Result<Vec<_>, _>>()?
.collect::<Result<Vec<_>, _>>()?;

for instance_projective in instances_projective {
let mut affines =
vec![<Scheme as CommitmentScheme>::Curve::identity(); instance_projective.len()];
<<Scheme as CommitmentScheme>::Curve as CurveAffine>::CurveExt::batch_normalize(
&instance_projective,
&mut affines,
);
instance_commitments.push(affines);
}
instance_commitments
} else {
vec![vec![]; instances.len()]
};
Expand Down
9 changes: 7 additions & 2 deletions halo2_backend/src/poly/ipa/commitment.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,8 +195,13 @@ impl<'params, C: CurveAffine> ParamsProver<'params, C> for ParamsIPA<C> {
let g_lagrange = g_to_lagrange(g_projective, k);

let hasher = C::CurveExt::hash_to_curve("Halo2-Parameters");
let w = hasher(&[1]).to_affine();
let u = hasher(&[2]).to_affine();

let [w, u] = {
let projectives = vec![hasher(&[1]), hasher(&[2])];
let mut affines = [C::identity(); 2];
C::CurveExt::batch_normalize(&projectives, &mut affines);
affines
};

ParamsIPA {
k,
Expand Down
7 changes: 5 additions & 2 deletions halo2_backend/src/poly/ipa/commitment/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,8 +114,11 @@ pub fn create_proof_with_engine<
let r_j_randomness = C::Scalar::random(&mut rng);
let l_j = l_j + engine.msm(&[value_l_j * z, l_j_randomness], &[params.u, params.w]);
let r_j = r_j + engine.msm(&[value_r_j * z, r_j_randomness], &[params.u, params.w]);
let l_j = l_j.to_affine();
let r_j = r_j.to_affine();
let [l_j, r_j] = {
let mut affines = [C::identity(); 2];
C::CurveExt::batch_normalize(&[l_j, r_j], &mut affines);
affines
};

// Feed L and R into the real transcript
transcript.write_point(l_j)?;
Expand Down

0 comments on commit 0513fb4

Please sign in to comment.